
HI-TEC 2011 SQL Injection


oleblanc

Presentation Transcript


  1. HI-TEC 2011 SQL Injection

  2. [Architecture diagram] Client's Browser <-- HTTP or HTTPS --> Web Server (Apache or IIS; HTML Forms, CGI Scripts) <-- ODBC or OLE DB or ADO --> Database (SQL Server or Oracle or MySQL)

  3. Common Web Application Vulnerabilities

  4. Common Web Application Vulnerabilities
  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Cross-Site Request Forgery (CSRF)

  5. Cross-Site Scripting (XSS) Attacks
  • One user injects code that attacks another user
  • Common on guestbooks, comment pages, forums, etc.
  • Caused by failure to filter out HTML tags
    • These characters: < > " &
  • Also watch out for hex-encoded versions
    • %3c instead of <
    • %3e instead of >
    • %22 instead of "

  6. Cross-Site Scripting (XSS)
  • One client posts active content, with <script> tags or other programming content
  • When another client reads the messages, the scripts are executed in his or her browser
  • One user attacks another user, using the vulnerable Web application as a weapon

  7. XSS Examples
  • <script>alert("XSS vulnerability!")</script>
  • <script>alert(document.cookie)</script>
  • <script>window.location="http://www.ccsf.edu"</script>

  8. XSS Scripting Effects
  • Steal another user's authentication cookie
  • Hijack session
  • Harvest stored passwords from the target's browser
  • Take over machine through browser vulnerability
  • Redirect Webpage
  • Many, many other evil things…

  9. Common XSS Payloads
  • See link Ch 12z06

  10. Cross-Site Scripting Countermeasures
  • Filter out < > ( ) # & and the variants of them
  • HTML-encode output, so a character like < becomes &lt; -- that will stop scripts from running
  • In IE 6 SP1 or later, an application can set HttpOnly Cookies, which prevents them from being accessed by scripts
  • Analyze your applications for XSS vulnerabilities
  • Fix the errors you find
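The three countermeasures on slides 5 and 10 (normalise hex-encoded input before checking it, HTML-encode on output, mark the session cookie HttpOnly) as one added Python example. This is not code from the presentation; the comment strings, the `DANGEROUS` character set and the cookie name `session` are constructed for the illustration.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import unquote

# The characters slide 10 says to filter, in their literal form.
DANGEROUS = set('<>()#&"')


def normalize(value: str) -> str:
    """Percent-decode until nothing changes, so %3c, %3e, %22 (and
    double-encoded forms such as %253c) are compared as the literal
    characters rather than slipping past a check on the raw string."""
    previous = None
    while previous != value:
        previous = value
        value = unquote(value)
    return value


def contains_markup(value: str) -> bool:
    """Input-side check: does the field contain any listed character?"""
    return any(ch in DANGEROUS for ch in normalize(value))


def render_comment(value: str) -> str:
    """Output-side defence: HTML-encode, so '<' becomes '&lt;' and a
    <script> tag is shown as text instead of being executed."""
    return "<p>" + html.escape(normalize(value), quote=True) + "</p>"


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie header with HttpOnly (not readable through
    document.cookie) and Secure (only sent over HTTPS)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    # Constructed guestbook entries: a harmless one, a literal script tag,
    # and the same tag with the angle brackets hex-encoded.
    samples = [
        "Nice site!",
        '<script>alert("XSS vulnerability!")</script>',
        "%3cscript%3ealert(document.cookie)%3c/script%3e",
    ]
    for s in samples:
        print(f"{contains_markup(s)!s:5}  {render_comment(s)}")
    print(session_cookie_header("abc123"))
```

Run it and the second and third samples are flagged even though the third never contains a literal `<`, and every rendered line shows `&lt;script&gt;` as inert text.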

  11. Common Web Application Vulnerabilities
  • SQL Injection

  12. SQL Injection Comic
  • xkcd.org – a great comic
  • Link Ch 11i

  13. SQL Injection Example
  • HTML form collects name and pw
  • SQL then uses those fields:
    SELECT * FROM customer WHERE username = 'name' AND password = 'pw'
  • If a hacker enters a name of ' OR 1=1 --
  • The SQL becomes:
    SELECT * FROM customer WHERE username = '' OR 1=1 --' AND password = 'pw'
  • Which is always true, and returns all the records
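The slide's example carried through in Python against an in-memory SQLite table, as an added example (not from the presentation): the string-built query from the slide beside the parameterized query that fixes it. The table contents are constructed sample rows; `' OR 1=1 --` is the slide's own input.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed customer table with two sample accounts (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, pw: str) -> list:
    """The slide's pattern: form fields pasted straight into the SQL text.
    The input ' OR 1=1 -- closes the quote, adds an always-true condition
    and comments out the password check."""
    sql = (
        f"SELECT * FROM customer WHERE username = '{name}' "
        f"AND password = '{pw}'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, name: str, pw: str) -> list:
    """The fix: placeholders keep the input as data. The driver never
    splices it into the statement, so the quote and the -- have no
    SQL meaning and the query simply looks for a literal username."""
    sql = "SELECT * FROM customer WHERE username = ? AND password = ?"
    return conn.execute(sql, (name, pw)).fetchall()


if __name__ == "__main__":
    db = build_db()
    injected_name = "' OR 1=1 --"
    print("vulnerable   :", login_vulnerable(db, injected_name, "anything"))
    print("parameterized:", login_parameterized(db, injected_name, "anything"))
    print("real login   :", login_parameterized(db, "alice", "s3cret"))
```

The vulnerable call returns every row, exactly as the slide says; the parameterized call returns nothing for the same input, while a genuine username and password still match one row.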

  14. HackThisSite

  15. WebGoat Demo

  16. Web App Vulnerability Scanner

  17. Finding Vulnerable Web Apps with Google
  • Inurl:SELECT%20FROM

  18. Expensive Commercial Tools
  • HP WebInspect and Security Toolkit
  • Rational AppScan
  • Cenzic Hailstorm

  19. Cenzic Hailstorm
  • Highly rated commercial Web application vulnerability scanner
  • Links Ch 11o, 11p

  20. Other Web Vulnerabilities

  21. Nikto

  22. Tamper Data Demo
  • Vulnerable Message Board

  23. Tamper Data
  • Acts like a proxy server
  • You can see POST data and alter it
  • This will defeat client-side validation
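Because a proxy lets the user rewrite the POST body after the browser's JavaScript has run, the only validation that counts is the one repeated on the server. The following is an added Python example, not part of the presentation or its message-board demo: it re-checks a form submission server-side against the rules the HTML form was supposed to enforce. The field names (`subject`, `board`, `message`), the limits and the sample bodies are all constructed for the illustration.

```python
from urllib.parse import parse_qs

# Rules the (hypothetical) HTML form enforces with JavaScript and a <select>.
# A proxy can change the body after that JavaScript ran, so the server must
# apply the same rules again and trust nothing from the client.
ALLOWED_BOARDS = {"1", "2", "3"}
MAX_SUBJECT = 60
EXPECTED_FIELDS = {"subject", "board", "message"}


def validate_post(body: str) -> dict:
    """Parse a form-encoded POST body and return {field: error} for every
    rule that fails; an empty dict means the submission is acceptable."""
    fields = parse_qs(body, keep_blank_values=True)
    errors = {}

    subject = fields.get("subject", [""])[0]
    board = fields.get("board", [""])[0]
    message = fields.get("message", [""])[0]

    if not subject.strip():
        errors["subject"] = "required"
    elif len(subject) > MAX_SUBJECT:
        errors["subject"] = f"longer than {MAX_SUBJECT} characters"

    if board not in ALLOWED_BOARDS:
        errors["board"] = "not one of the boards offered by the form"

    if not message.strip():
        errors["message"] = "required"

    # Fields the form never defined only appear if the request was edited.
    for extra in sorted(set(fields) - EXPECTED_FIELDS):
        errors[extra] = "unexpected field"

    return errors


if __name__ == "__main__":
    # Constructed bodies: one as the browser would send it, one altered in
    # transit (board id outside the <select>, subject over the limit, and a
    # field the form does not have).
    normal = "subject=Hello&board=2&message=First+post"
    tampered = "subject=" + "A" * 80 + "&board=99&message=x&priority=urgent"
    print("normal  :", validate_post(normal))
    print("tampered:", validate_post(tampered))
```

The normal body passes with no errors; the tampered one is rejected on three counts even though a browser-only check would have let none of those values through in the first place.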

  24. Cold Calls
